Welcome to bonVito

Please activate JavaScript

Dear bonVito User,

to use bonVito, you must use a JavaScript-capable browser. All common browsers (e.g. Mozilla Firefox or Internet Explorer) generally support JavaScript. However, the use of JavaScript may be deactivated in your browser. Therefore, please make sure that JavaScript is activated in your browser settings and reload this page.

JavaScript may also be deactivated by a firewall setting.

Your bonVito team

Please enable cookies

Dear bonVito User,

In order to use bonVito you have to accept cookies for your browser. The support of cookies may be disabled in your browser settings. Please make sure that cookies are enabled in your browser settings and load this page again.

We
generally only process personal data if this is necessary to provide a
functioning website as well as our contents and services. Personal data will
only be processed with the user’s consent or in cases where prior consent
cannot be obtained for practical reasons and where data processing is permitted
by law.

If
we obtain the consent of the data subject for processing personal data, Article
6 Para. 1 Lit. a EU General Data Protection Regulations (GDPR) serves as the
legal basis.

When
processing personal data required for the performance of a contract to which
the data subject is a party, Article 6 Para. 1 Lit. b serves as the legal
basis. This also applies to processing required for executing precontractual
measures.

If
processing personal data is required to fulfil a legal obligation to which our
company is subject, Article 6 Para. 1 Lit. c GDPR serves as the legal basis.

If
processing is necessary to safeguard a legitimate interest of our company or a
third party and if the interests, fundamental rights and freedoms of the data
subject do not outweigh the first-mentioned interest, Article 6 Para. 1 Lit. f
GDPR serves as the legal basis for processing.

The
personal data of the data subject is deleted or blocked as soon as the purpose
for storage ceases to exist. Furthermore, data may be stored if this has been
provided for by the European or national legislator in EU regulations, laws or
other provisions to which the controller is subject. The data will also be
blocked or deleted if a storage period prescribed by the aforementioned
standards expires unless there is a need for further storage of the data for
the conclusion or fulfilment of a contract.

On
every visit to our website, our system automatically collects data and
information from the computer system of the computer being used.

The
following data is collected:

(1)browser
type and version

(2)the
operating system used

(3)the
user’s Internet service provider

(4)the IP
address

(5)data
and time of access

(6)websites
from which the user’s system reaches our website

(7)websites
accessed by the user’s system via our website

The
data is also stored in the log files of our system. The IP addresses of the
user or other data that enables the assignment of the data to a user are not
affected by this. Storage of this data together with other data of the user
does not take place.

The
temporary storage of the IP address by the system is necessary to enable
delivery of the website to the user’s computer. The user’s IP address must be
stored for the duration of the session for this purpose.

Data
is stored in log files to ensure the functionality of the website. The data
also helps us to optimise the website and to ensure the security of our
information technology systems. An analysis of the data for marketing purposes
does not take place in this context.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection. In the case of data collection for the provision of the
website, this is the case when the respective session has ended.

In
the case of data being stored in log files, this is the case after seven days
at the latest. Further storage is possible. In this case, the user’s IP address
is deleted or distorted so that the assignment of the client is no longer
possible.

Our
website uses “cookies”. Cookies are text files that are stored in the Internet
browser or by the Internet browser of the user’s computer system. If a user
visits a website, a cookie may be stored on the user’s operating system. This
cookie contains a characteristic string that enables the unique identification
of the browser when the website is visited again.

We use
cookies to make our website more user-friendly. Some elements of our website
require that the browser can be identified even after a page change. This
includes, for example, access data for closed areas of our website that require
a login.

We also
use cookies on our site which enable an analysis of the user’s surfing
behaviour. The user data collected in this way is pseudonymised by technical
precautions. Therefore, it is no longer possible to assign the data to the
accessing user as a person. The data will not be stored together with the
user’s other personal data.

The
purpose of using of technically necessary cookies is to simplify the use of
websites for users. Not all functions can be offered without using cookies.

The
data collected by technically necessary cookies is not used to create user
profiles. The use of this type of cookies is for the purpose of improving the
quality of our website and its content. By doing so, we learn how the website
is used and can therefore constantly optimise what we offer.

Cookies
are stored on the user’s computer and transmitted to our site. Therefore, users
also have full control over the use of cookies. Users can deactivate or
restrict the transmission of cookies by changing the settings in their Internet
browser. Cookies that are already stored can be deleted at any time. This can
be done automatically. If cookies are deactivated for our website, it is
possible that not all functions can be used to their full extent.

The
transmission of Flash cookies cannot be prevented via the browser settings but
by changing the settings of the Flash Player.

We
provide the option to register on our website or in our web app by entering
personal data in an input mask from where it is transferred to us. We then
store this data.

The
customer registers in the app or on the website to use all of the functions offered
by bonVito. The customer enters the data required for this and confirms his
registration.

a)On
our website

The
following minimum data is collected during the registration process:

(1)Email
address

(2)Password
to be set by the user

(3)Numerical
code

Optional
information

(4)Title

(5)First
name and surname

(6)Street,
house number, post code and city

(7)Country

(8)Language
preferences

(9)Date of
birth

(10)Mobile number

The
following data will also be stored at the time of sending the message:

(1)user’s
IP address

(2)date
and time of registration

Alternatively,
users can register with the Facebook or Google login (Single Sign On). The
customer can register with bonVito through an integrated social plugin using
his existing Facebook or Google account. Personal data is transferred once from
Facebook or Google to the website during this process. Users have approved this
data on Facebook or Google for this purpose and it usually includes:

(1)Salutation

(2)First
name and surname

(3)Country

(4)Language
preferences

The
link between the user account and a unique user ID of the Facebook or Google
account is stored. The other data transferred by Facebook or Google is not
stored.

b)In
the app

The
following minimum data is collected during the registration process:

(1)Email
address

(2)Password
to be set by the user

(3)Country

(4)Language
preferences

Optional
information

(5)Title

(6)First
name and surname

(7)Street,
house number, post code and city

(8)Date of
birth

(9)Mobile
number

The
following data will also be stored at the time of sending the message:

(1)user’s
IP address

(2)date and
time of registration

During
the registration process, the user’s consent is obtained for processing and
reference is made to this data privacy policy, which also contains the specific
consent text below.

The
legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user
has given consent.

If
the registration serves to fulfil a contract of which the user is a contracting
party or to implement pre-contractual measures, Article 6 Para. 1 lit. b GDPR
serves as an additional legal basis for processing the data.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection.

During
the registration process, this is the case for the fulfilment of a contract or
implementation of pre-contractual measures when the data is no longer required
for the fulfilment of the contract. Personal data of the contractual partner
may have to remain stored even after the expiry of the contract in order to
meet contractual or legal obligations.

As
a user, you may cancel your registration at any time. You can request for your
stored data to be modified at any time.

To
do so, you can contact us per email, phone or in writing.

However,
if the data is required for the fulfilment of a contract or implementation of
pre-contractual measures, it can only be deleted early if no contractual or
legal obligations prevent such deletion.

We
provide users with the option to reserve a table in a restaurant on our
website. The data is entered in an input mask from where it is transferred to
us. We then store this data and transfer it to the restaurant where the table
is to be reserved.

The
customer selects a time for the table reservation and enters the following data
on the website:

(1)Email
address

(2)Title

(3)First
name and surname

(4)Company,
if applicable

(5)Phone
no.

(6)Mobile
number

The
following data will also be stored at the time of sending the message:

(7)user’s
IP address

(8)date
and time of registration

During
the registration process, the user’s consent is obtained for processing and
reference is made to this data privacy policy, which also contains the specific
consent text below.

The
legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user
has given consent.

If
the table reservation serves to fulfil a contract of which the user is a
contracting party or to implement pre-contractual measures, Article 6 Para. 1
lit. b GDPR serves as an additional legal basis for processing the data. In
addition, Article 6 Para. 1 lit. f GDPR forms the legal basis for using the online
table reservation.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection.

During
the registration process, this is the case for the fulfilment of a contract or
implementation of pre-contractual measures when the data is no longer required
for the fulfilment of the contract. Personal data of the contractual partner
may have to remain stored even after the expiry of the contract in order to
meet contractual or legal obligations.

As
a user, you may cancel your registration at any time. You can request for your
stored data to be modified at any time.

to
do so, you can contact us per email, phone or in writing.

However,
if the data is required for the fulfilment of a contract or implementation of pre-contractual
measures, it can only be deleted early if no contractual or legal obligations
prevent such deletion.

We
provide users with the option to order goods from a restaurant on our website.
The data is entered in an input mask from where it is transferred to us. We
then store this data and transfer it to the restaurant where the goods are
ordered.

The
consumer selects a delivery location by clicking on it on the website and
leaves a message if he wishes to collect the goods. He then selects the goods
that he wishes to order.

He
now can enter the following data:

(1)Salutation

(2)First
name

(3)Surname

(4)email
address

(5)Company

(6)Phone
no.

(7)Mobile
number

(8)Street
and house number

(9)Place

(10)Country

(11)Language
preferences

(12)Status report

The
following data will also be stored at the time of sending the message:

(13)user’s IP address

(14)date and time of
registration

During
the registration process, the user’s consent is obtained for processing and
reference is made to this data privacy policy, which also contains the specific
consent text below.

The
legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user
has given consent.

If
the order serves to fulfil a contract of which the user is a contracting party
or to implement pre-contractual measures, Article 6 Para. 1 lit. b GDPR serves
as an additional legal basis for processing the data. In addition, Article 6
Para. 1 lit. f GDPR forms the legal basis for using the online ordering option.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection.

During
the ordering process, this is the case for the fulfilment of a contract or
implementation of pre-contractual measures when the data is no longer required
for the fulfilment of the contract. Personal data of the contractual partner
may have to remain stored even after the expiry of the contract in order to
meet contractual or legal obligations.

As
a user, you may terminate your order at any time. Users can request for the
stored user data to be modified at any time.

to
do so, you can contact us per email, phone or in writing.

However,
if the data is required for the fulfilment of a contract or implementation of
pre-contractual measures, it can only be deleted early if no contractual or
legal obligations prevent such deletion.

Collecting
the user’s data is for delivering the newsletter. The other personal data
processed during the sending process serves to prevent misuse of the contact
form and to ensure the security of our information technology systems.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection. The user’s email address will therefore be stored as long as
the newsletter subscription is active.

There
are contact forms on our website that can be used for electronic contact. If a
user uses this option, the data entered in the input screen will be transmitted
to us and stored. Depending on the selected form, the data includes, at a
minimum:

(1)Name

(2)post
code

(3)email
address

(4)Phone
no.

Optional
information

(5)Title

(6)First
name and surname

(7)Street,
house number, post code and city

(8)Country

(9)The
Company

(10)Phone number

(11)Manner in which
the user became aware of us

(12)Language
preferences

(13)Date of birth

The
following data will also be stored at the time of sending the message:

(1)user’s
IP address

(2)date
and time of registration

During
contact, the user’s consent is obtained for processing and reference is made to
this data privacy policy, which also contains the specific consent text below.

Alternatively,
you can contact us via the email address provided. In this case, the user’s
personal data transmitted by email will be stored.

Data
is not passed on to third parties in connection with this. The data is only
used for processing the conversation.

The
legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user
has given consent.

The
legal basis for processing data transferred as part of sending an email is Article
6 Para. 1 Lit. f. GDPR. If the aim of the email is concluding a contract, the
additional legal basis for processing is Article 6 Para. 1 Lit. b GDPR.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection. For personal data from the contact form input screen and
that which was sent by email, this is the case when the respective conversation
with the user is finished. The conversation is terminated when the
circumstances show that it is certain that the matter in question has been
conclusively resolved.

The
other personal data collected during the sending process will be deleted after
a period of seven days at the latest.

The
user has the option of revoking his/her consent to the processing of personal
data at any time. If the user contacts us via email, he/she can object to the
storage of his/her personal data at any time. In a case such as this, the
conversation cannot be continued.

The
revocation of consent and the objection to storage is possible verbally, in
writing or by email.

All
personal data stored in the course of contacting us will be deleted in this
case.

We use
Google Analytics on our website to analyse our users’ surfing behaviour. The
software places a cookie on the users’ computer (see above for more information
about cookies). The following data is stored if individual pages on our website
are visited:

(1)two
bytes of the IP address of the user’s visiting system

(2)the
website visited

(3)the
website from which the user came to the website visited (referrer)

(4)the
subpages that are accessed from the visited website

(5)the
length of stay on the website

(6)the
frequency of visiting the website

Google
uses cookies. The information generated by the cookie about your use of the
online service by users is normally transmitted to and stored by Google on a
server in the USA. Google is certified under the Privacy Shield Agreement and
therefore provides a guarantee of compliance with European Data
Protection Law. We only use Google Analytics with
activated IP anonymisation. This means users’ IP addresses will be truncated
beforehand within a member state of the European Union or in other contracting
states to the Agreement on the European Economic Area. The IP address
transferred by the browser is not associated with any other data held by
Google. Users can prevent the storage of cookies by selecting the appropriate
settings in their browser software; users can also prevent Google from
collecting data generated by the cookie and relating to their use of the online
service and from processing this data by downloading and installing the browser
plug-in available using the following link.
Further information on the use of data for advertising purposes by Google,
setting and objection options can be found on Google’s websites: “How Google uses
data when you use our partners’ sites or apps”, “How Google uses
cookies in advertising”, “Control the information Google uses to
show you ads”. Google will use this information on our
behalf to analyse the use of our online service by users, to compile reports on
the activities within this online service and to provide us with other services
associated with the use of this website and the use of the Internet. In doing
so, pseudonymous user profiles may be created from the processed data.

Processing
users’ personal data enables us to analyse our users’ surfing behaviour. We are
in a position to compile information about the use of the individual components
of our website by evaluating the data obtained. This helps us to continuously
improve our website and its user-friendliness.

Our
legitimate interest in processing data in accordance with Article 6 Para. 1
Lit. f GDPR also lies in these purposes. By anonymising the IP address, users'
interest in protecting their personal data is sufficiently taken into account.

Sessions
and campaigns are terminated after a certain period of time. Sessions are
closed after 30 minutes without activity and campaigns after six months as
standard. The time limit for campaigns cannot be more than two years. Users
will find more information on user conditions and data privacy at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/

Cookies
are stored on the user’s computer and transmitted to our site. Therefore, users
also have full control over the use of cookies. You can deactivate or restrict
the transmission of cookies by changing the settings in your Internet browser.
Cookies that are already stored can be deleted at any time. This can be done
automatically. If cookies are deactivated for our website, it is possible that
not all functions can be used to their full extent.

Users
can also prevent Google’s collection and use of data generated by the cookie
and related to use of the website (including IP address) by downloading and installing
this browser
add-on.

Opt-out
cookies prevent the future collection of user data when visiting this website.
To prevent Universal Analytics from collecting data across different devices,
users must carry out the opt-out on all
systems used.

Our
email newsletter is dispatched via the technical service provider CleverReach
GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”) to whom we pass
on the data provided by the user when registering for the newsletter. Data
entered by the user for the purpose of subscribing to the newsletter (e.g.
email address) is stored on CleverReach servers in Germany or Ireland.

CleverReach
uses this information to send and statistically evaluate the newsletter on our
behalf. For the evaluation, the emails sent contain so-called “web beacons” or
“tracking pixels” which represent single-pixel image files stored on our
website. This determines whether a newsletter message is opened and which links
have been clicked on. It can also be analysed whether a predefined action has
been made after clicking on the link in the newsletter with the help of
so-called “conversion tracking”. Technical information is also recorded (e.g.
time of visit, IP address, browser type and operating system). Data is
collected exclusively in pseudonymised form and is not linked to other personal
data of the users, direct links to a particular individual are excluded. This
data is only used for statistically analysing newsletter campaigns. The results
of these analyses can be used to better adapt future newsletters to recipients’
interests.

The
disclosure of users’ personal data enables us to use an effective, secure and
user-friendly newsletter system that can be optimised.

Our
legitimate interest in processing data in accordance with Article 6 Para. 1
Lit. f GDPR also lies in these purposes. By anonymising the IP address, users'
interest in protecting their personal data is sufficiently taken into account.

We
use the marketing and remarketing services (“Google Marketing Services”) by
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
("Google"). Google is certified under the Privacy Shield Agreement
and therefore provides a guarantee of compliance with European Data
Protection Law. The Google Marketing Services allow us
to target ads for and on our site to only present users with ads that
potentially match their interests. For example, if a user sees ads for products
he has been interested in on other websites, this is referred to as
“remarketing”. For these purposes, when our and other websites are accessed (on
which Google Marketing Services are active), Google directly runs a code from
Google and so-called “(re)marketing tags” (invisible graphics or code, also
known as “web beacons") are integrated into the website. With their help,
an individual cookie, i.e. a small file, is stored on the user’s device
(comparable technologies can also be used instead of cookies). Cookies can be
set by various domains, including google.com, doubleclick.net, invitemedia.com,
admeld.com, googlesyndication.com or googleadservices.com. In this file it is
noted which websites the user visits, which contents he/she is interested in
and which offers he/she has clicked on; furthermore, it notes technical
information about the browser and operating system, referring websites,
visiting time as well as further information about the use of the online
service. The users’ IP address is also recorded, whereby we, within the
framework of Google Analytics, disclose that the IP address is truncated within
member states of the European Union or in other contracting states of the European
Economic Area Agreement and only completely transmitted to a Google server in
the USA and truncated there in exceptional cases. The IP address is not
combined with the user’s data within other Google offers. The aforementioned
information may also be linked by Google to information from other sources. If
the user then visits other websites, ads tailored to his interests can be
displayed. Users’ data is processed pseudonymously within the framework of
Google Marketing Services. This means that Google does not store and process,
for example, the name or email address of the user; it processes the relevant
cookie-related data within pseudonymous user profiles. From Google's point of
view, this means that the ads are not managed and displayed for a specifically
identified person, but for the cookie holder, regardless of who this cookie
holder is. This does not apply if a Google user has explicitly allowed data to
be processed with this pseudonymisation. The information collected about the
user by Google Marketing Services is transmitted to Google and stored on Google
servers in the USA. One of the Google Marketing Services we use includes the
online advertising program “Google AdWords”. In the case of Google AdWords,
each AdWords customer receives a different “conversion cookie”. Cookies can
therefore not be tracked via the websites of AdWords customers. The information
obtained with the help of cookies serve to create conversion statistics for
AdWords customers who have decided on conversion tracking. AdWords customers
are informed of the total number of users that have clicked on their advert and
were redirected to a page with a conversion tracking tag. They receive no
information that could be used to personally identify a user. We can integrate
third-party ads based on the Google Marketing Service “DoubleClick”.
DoubleClick uses cookies to enable Google and its partner sites to place ads
based on users’ visits to this website or other websites on the Internet. We
can integrate third-party ads based on the Google Marketing Service “AdSense”.
AdSense uses cookies to enable Google and its partner sites to place ads based
on users’ visits to this website or other websites on the Internet. We may also
use the “Google Optimizer” service. Google Optimizer allows us to understand
the effects of various changes to a website (e.g. changes to input fields,
design, etc.) within the framework of so-called “A/B testing”. Cookies are
stored on users’ devices for these test purposes. In doing so, only
pseudonymous user data is processed. Furthermore, we may also use “Google Tag
Manager” to integrate and manage Google analysis and marketing services into
our website. You will find more information on data use for marketing purposes
by Google on the overview page;
Google’s data privacy policy can be viewed here.

According
to its own information, the log data collected by Google is anonymised by
deleting part of the IP address and the cookie information after 9 or 18
months. Users will find more information here.

Cookies
are stored on the user’s computer and transmitted to our site. Therefore, users
also have full control over the use of cookies. You can deactivate or restrict
the transmission of cookies by changing the settings in your Internet browser.
Cookies that are already stored can be deleted at any time. This can be done
automatically. If cookies are deactivated for our website, it is possible that
not all functions can be used to their full extent.

If
users want to object to Internet-based advertising by Google Marketing
Services, they can use Google’s setting and opt-out options.

We
use social plug-ins (“plug-ins”) from the social network Facebook, which is
operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland (“Facebook”). The plug-ins can display interactive elements
or content (e.g. videos, graphics or text contributions) and are identified by
one of the Facebook logos (white “f” on a blue tile, the term “like”, or a
“thumbs up” sign) or are marked with the addition “Facebook social plug-in”.
The list and appearance of Facebook social plug-ins can be viewed here. The
plug-ins are not activated until you click on the corresponding button. If
these are greyed out, the plug-ins are inactive. You have the option of
activating the plug-ins once or permanently. Facebook is certified under the
Privacy Shield Agreement and therefore provides a guarantee of compliance with European Data
Protection Law. When a user views a function of this
online service that contains a plug-in, his/her device establishes a direct
connection to the Facebook servers. The content of the plug-in is transmitted
by Facebook directly to the user’s device and integrated into the website. In
doing so, user profiles may be created from the processed data. We have
therefore no influence on the scope of the data collected by Facebook using
this plug-in and therefore provide users with information in accordance with
our level of knowledge. By integrating plug-ins, Facebook receives the
information that a user has viewed the corresponding page of the online
service. If the user is logged in to Facebook, Facebook can assign the visit to
his/her Facebook account. When users interact with the plug-ins, such as
pressing the “Like” button or posting a comment, the information is sent
directly from your device to Facebook and stored there. If a user is not a
Facebook member, it is still possible for Facebook to obtain and store their IP
address. According to Facebook, only an anonymised IP address is stored in
Germany. The purpose and extent of data collection, further processing and the
use of data by Facebook as well as users’ related rights and possibilities to
configure the settings to secure their privacy can be seen in the Facebook
privacy policies: Facebook’s data privacy information.

According
to its own information,
Facebook stores the date and time of the visit, the specific Internet address
on which the social plug-in is located, and other technical data, such as the
IP address, the browser type and the operating system for a period of 90 days
in order to further optimise Facebook services. After the 90 days have elapsed,
the data is made anonymous so that it cannot be further linked to users.

If
a user is a Facebook member and does not want Facebook to collect data about
him/her via this online service and link it to his/her membership data stored
on Facebook, he/she must logout of Facebook before using our online service and
delete his/her cookies. More settings and objections to the use of data for
advertising purposes are possible within the Facebook profile settings or via
the US page or EU page.
Settings are platform-independent, meaning they apply to all devices, such as
desktop computers or mobile devices.

On our website, we use Google Maps
(API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
(“Google”). Google Maps is a web service for displaying interactive maps to
visually display geographical information. By using this service, users can,
for example, see our location or that of our partners and find their way to us
more easily.

Information about the use of our
website (such as the IP address) is transmitted to and stored by Google on
servers in the USA as soon as the sub-pages into which the Google Maps’ map is
integrated are accessed. This happens regardless of whether Google provides a
user account through which users are logged in or no user account exists. If
users are logged in to Google, their data is assigned directly to their
account. If users do not wish to be assigned to their profile on Google, they
must logout before activating the button. Google saves the data (even for users
who are not logged in) as usage profiles and analyses them.

According
to its own information, the log data collected by Google is anonymised by
deleting part of the IP address and the cookie information after 9 or 18
months. Users will find more information here.

If users do not agree to their data
being transmitted to Google when using Google Maps, they have the option of
completely deactivating the Google Maps web service by switching off the
JavaScript application in the browser. Google Maps, and therefore also the map
display on this website, cannot be used.

We
use the so-called “Facebook pixel” of the social network Facebook, which is
operated by Facebook Inc.,1 Hacker Way, Menlo Park, CA 94025, USA or, if you
are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland (“Facebook”). Facebook is certified under the
Privacy Shield Agreement and therefore provides a guarantee of compliance with European Data
Protection Law. With the help of the Facebook pixel,
Facebook is able to identify visitors to our online service as a target group
for displaying ads (so-called “Facebook ads”). The Facebook pixel is integrated
directly by Facebook when you visit our website and may store a cookie, meaning
a small file, on the user’s device. If users then login to Facebook or visit
Facebook when logged in, their visit to our online service is noted in their
profile. The data collected about users is anonymous to us; they do not provide
us with any information about the identity of the users. However, Facebook
stores and processes the data so that a connection to the respective user
profile is possible and can be used by Facebook as well as for its own market
research and advertising purposes. If we send data to Facebook for comparison
purposes, it is encrypted locally on the browser and only then sent to Facebook
via a secure https connection. This is done solely with the purpose of creating
a comparison with the data that is similarly encrypted by Facebook. Facebook
processes the data in accordance with Facebook's data usage policy.
Accordingly, there is general information on displaying Facebook ads in Facebook’s data
usage policy Facebook. Users will find special information and
details about the Facebook pixel and its functions in the Facebook help
settings.

We
use the Facebook pixel to display the Facebook ads we post only to Facebook
users who have shown an interest in our online service or who have certain
characteristics (e.g. an interest in certain topics or products that are
determined by the websites visited) that we transmit to Facebook (so-called
“custom audiences”). We also want to use the Facebook pixel to ensure that our
Facebook ads meet the potential interest of users and are not annoying. We also
want to use the Facebook pixel to help us understand the effectiveness of
Facebook ads for statistical and market research purposes by showing whether
users have been redirected to our website after clicking on a Facebook ad
(so-called “conversion”).

According
to its own information,
Facebook stores the date and time of the visit, the specific Internet address
on which the social plug-in is located, and other technical data, such as the
IP address, the browser type and the operating system for a period of 90 days
in order to further optimise Facebook services. After the 90 days have elapsed,
the data is made anonymous so that it cannot be further linked to you.

Users
can object to collection by the Facebook pixel and use of data to display
Facebook ads. To control what types of ads appear within Facebook, users can
visit the page set up by Facebook and follow the instructions on user-based
advertising settings. Settings are platform-independent,
meaning they apply to all devices, such as desktop computers or mobile devices.
Users can also object to the use of cookies for measuring reach and for
advertising purposes using the deactivation page of the Network
Advertising Initiative and additionally the US website or European website.

The
data is also stored in the log files of our system. The IP addresses of the
user or other data that enables the assignment of the data to a user are not
affected by this. Storage of this data together with other data of the user
does not take place.

Storage
by the system is necessary to enable delivery of the app to the user’s end
device. The user’s IP address must be stored for the duration of the session
for this purpose.

Data
is stored in log files to ensure functionality. The data also helps us to
optimise the app and to ensure the security of our information technology
systems. An analysis of the data for marketing purposes does not take place in
this context.

The
data is deleted as soon as it is no longer necessary for achieving the purpose
of its collection. In the case of data collection for the provision of the app,
this is the case when the respective session has ended.

In
the case of data being stored in log files, this is the case after seven days
at the latest. Further storage is possible. In this case, the user’s IP address
is deleted or distorted so that the assignment of the client is no longer
possible.

If
users’ personal data is processed, they are the data subject within the meaning
of the GDPR and they are entitled to the following rights from the controller,
whereby the following list includes all of their rights, not just the rights
arising from the use of our services:

Users
can ask the controller to confirm whether personal data concerning you will be
processed by us.

If
processing has taken place, users can request the following information from
the controller:

(1) the
purposes for which personal data is being processed;

(2) the
category of personal data being processed;

(3) the
recipient or categories of recipients to whom the personal data concerning you
has been or is still being disclosed;

(4) the
planned storage duration of the personal data concerning you or, if specific
information on this is not possible, criteria for determining the storage
period;

(5) the
existence of a right to have the personal data concerning you corrected or
deleted, a right to have processing restricted by the controller or a right to
object to this kind of processing;

(6) the
existence of a right to complain to a supervisory authority;

(7) all
available information regarding the origin of the data if the personal data is
not collected from the data subject;

(8) the
existence of automated decision-making, including profiling in accordance with
Article 22 Para. 1 and 4 GDPR and – at least in these cases – significant
information on the logic involved and the scope and intended effects of this
kind of processing for the data subject.

Users have
the right to request information as to whether the personal data concerning
them is transferred to a third country or to an international organisation. In
this context, they can request to be informed of the appropriate guarantees
according to Article 46 GDPR in connection with the transmission.

Users
have a right to the correction and/or completion by the controller if the
personal data processed concerning them is incorrect or incomplete. The
controller must make the correction without delay.

Users
may request that the processing of personal data concerning them be restricted
under the following conditions:

(1) if
users dispute the accuracy of the personal data concerning them for a period of
time that enables the controller to verify the accuracy of the personal data;

(2) processing
is unlawful and users refuse the deletion of the personal data and instead
request that the use of the personal data be restricted;

(3) the
controller no longer needs the personal data for processing purposes but users
need it to assert, exercise or defend legal claims, or

(4) if
users have filed an objection to the processing according to Article 21 Para. 1
GDPR and it has not yet been determined whether the legitimate reasons of the
controller outweigh their reasons.

If the
processing of personal data concerning users has been restricted, this data may
only be processed – aside from being stored – with their consent or for the
purpose of asserting, exercising or defending rights or for protecting the
rights of another natural or legal person or on grounds of important public
interest of the European Union or a member state.

If the
processing restriction has been restricted in accordance with the
aforementioned conditions, users will be informed by the controller before the
restriction is lifted.

a)Deletion
obligation

Users
can request that the controller delete the personal data concerning them
without delay and the controller is obliged to delete this data without delay
if one of the following reasons applies:

(1) The
personal data concerning users is no longer necessary for the purposes for
which it was collected or otherwise processed.

(2) Users
revoke their consent on which the processing was based according to Article 6
Para. 1 Lit. a or Article 9 Para. 2 Lit. a GDPR and there is no other legal
basis for processing.

(3) Users
file an objection against processing according to Article 21 Para. 1 GDPR and
there are no overriding legitimate reasons for processing or they file an
objection against processing according to Article 21 Para. 2 GDPR.

(4) The
personal data concerning the users has been unlawfully processed.

(5) The
deletion of personal data concerning the users is necessary to fulfil a legal
obligation under EU law or the member state law to which the controller is
subject.

(6) The
personal data concerning the users has been collected in relation to
information society services offered according to Article 8 Para. 1 GDPR.

b)Information
to third parties

If the
controller has made personal data concerning users public and is obliged to
delete it according to Article 17 Para. 1 GDPR, it shall take appropriate
measures, including technical measures, taking into account the available
technology and the implementation costs, to inform those responsible for data
processing who process the personal data that you as the data subject have
requested the deletion of all links to this personal data or of copies or
replications of this personal data.

c)Exceptions

The
right to deletion does not exist if processing is required

(1) to
exercise the right to freedom of expression and information;

(2) to
perform a legal obligation required for processing under EU law or member
states’ law to which the controller is subject or to perform a task in the
public interest or to exercise public authority that has been given to the
controller;

(3) for
reasons of public interest in the field of public health according to Article 9
Para. 2 Lit. h and i and Article 9 Para. 3 GDPR;

(4) for
archiving purposes in the public interest, academic or historical research
purposes or for statistical purposes according to Article 89 Para. 1 GDPR, if
the right referred to in a) is likely to make it impossible or seriously impair
the attainment of the objectives of this processing or

If
users have exercised their right to have the controller correct, delete or
limit processing, it is obliged to inform all recipients to whom the personal
data concerning them has been disclosed of this correction or deletion of the
data or processing restriction, unless this proves impossible or involves a
disproportionate effort.

Users
shall also have the right to be informed about these recipients by the
controller.

Users
have the right to receive the personal data concerning them that they have
provided to the controller in a structured, common and machine-readable format.
Furthermore, users have the right to transmit this data to another controller
without any obstruction by the controller to whom the personal data was made
available provided that

(1) processing
is based on consent according to Article 6 Para. 1 Lit. a GDPR or Article 9
Para. 2 Lit. a GDPR or on a contract according to Article 6 Para. 1 Lit. a GDPR
and

(2) processing
is carried out using automated methods.

In
exercising this right, users also have the right to affect that the personal
data concerning them be transferred directly from one controller to another if
this is technically feasible. Freedoms and rights of other people may not be
affected because of this.

The
right to data transferability does not apply to processing personal data
necessary for performing a task in the public interest or in the exercise of
public authority assigned to the controller.

Users
have the right, for reasons arising from your particular situation, to object
to the processing of personal data concerning you under Article 6 Para. 1 Lit.
e or f GDPR at any time; this also applies to profiling based on these
provisions.

The
controller no longer processes the personal data concerning users unless it can
prove compelling legitimate reasons for the processing, which outweigh their
interests, rights and freedoms, or the processing serves to assert, exercise or
defend legal claims.

If the
personal data concerning users is processed for direct marketing purposes,
users have the right to object to the processing of personal data concerning
them for the purpose of this kind of advertising at any time; this also applies
to profiling if it is in connection with this kind of direct marketing.

If
users object to the processing for direct marketing purposes, the personal data
concerning them will no longer be processed for these purposes.

Users
have the option of exercising their right of objection using automated
procedures in which technical specifications are used, in connection with the
use of information society services, notwithstanding Directive 2002/58/EC.

Users
have the right to revoke their declaration of consent relating to data privacy
at any time. The revocation of consent shall not affect the legality of the
processing carried out on the basis of the consent until revocation.

Users
have the right not to be subject to a decision based exclusively on automated
processing, including profiling, that has legal effect against them or
significantly impairs them in a similar manner. This does not apply if the
decision

is
necessary for concluding or fulling a contract between them and the controller,

is
admissible due to EU law or the member state law to which the controller is
subject and where this law contains appropriate measures to safeguard their
rights, freedoms and legitimate interests or

takes
place with their explicit consent.

However,
these decisions may not be based on special categories of personal data
according to Article 9 Para. 1 GDPR unless Article 9 Para. 2 Lit. a or g GDPR
applies and appropriate measures have been taken to protect your rights,
freedoms and legitimate interests.

In the
cases referred to in (1) and (3), the controller shall take reasonable measures
to safeguard their rights, freedoms and legitimate interests, including at
least the right to obtain the intervention of a person by the controller, to
state its own position and to challenge the decision.

Irrespective
of any other administrative or judicial remedy, users have the right to
complain to a supervisory authority, in particular in the member state in which
they are residing, working or suspected of violation, if they believe that the
processing of personal data concerning them is contrary to the GDPR.

The
supervisory authority to which the complaint has been lodged shall inform the
complainant of the status and results of the complaint, including the
possibility of a judicial remedy under Article 78 GDPR.

I agree for Vectron and bonVito to process
my data entered in the input screen for the purpose of responding to my contact
request, whereby processing according to Article 4 No. 2 GDPR means any
operation carried out with or without the help of automated procedures or any
such set of operations relating to personal data, such as the collection,
recording, organisation, classification, storage, adaptation or alteration,
selection, retrieval, use, disclosure by transmission, dissemination or any
other form of provision, comparison or linking, restriction, deletion or
destruction.

I agree for Vectron and bonVito to process
my data entered in the input screen for the purpose of sending a newsletter,
whereby processing according to Article 4 No. 2 GDPR means any operation
carried out with or without the help of automated procedures or any such set of
operations relating to personal data, such as the collection, recording,
organisation, classification, storage, adaptation or alteration, selection,
retrieval, use, disclosure by transmission, dissemination or any other form of
provision, comparison or linking, restriction, deletion or destruction.

I agree for Vectron and bonVito to process
my data entered in the input screen for the purpose of reserving a table,
whereby processing according to Article 4 No. 2 GDPR means any operation
carried out with or without the help of automated procedures or any such set of
operations relating to personal data, such as the collection, recording,
organisation, classification, storage, adaptation or alteration, selection,
retrieval, use, disclosure by transmission, dissemination or any other form of
provision, comparison or linking, restriction, deletion or destruction.

I also agree for Vectron and bonVito to
transfer my data entered in the input mask to the restaurant where I wish to
reserve a table for the purpose of reserving a table.

I agree for Vectron and bonVito to process
my data entered in the input screen for the purpose of placing an order,
whereby processing according to Article 4 No. 2 GDPR means any operation
carried out with or without the help of automated procedures or any such set of
operations relating to personal data, such as the collection, recording,
organisation, classification, storage, adaptation or alteration, selection,
retrieval, use, disclosure by transmission, dissemination or any other form of
provision, comparison or linking, restriction, deletion or destruction.

I also agree for
Vectron and bonVito to transfer my data entered in the input mask to the
restaurant where I wish to order goods for the purpose of completing the order.